Secret CSO: Ben King, Okta

What advice would you give to aspiring security leaders? “Don’t be afraid to reach out and ask for help!”

IDGConnect_secretcso_suppliedart_benkingokta_1200x800
Okta

Name: Ben King

Organisation: Okta

Job title: Chief Security Officer – EMEA

Date started current role: June 2020

Location: London, UK

Ben King is the Chief Security Officer at Okta for EMEA, where he leads internal security for the region and provides the operational interface to the global security function. In addition, King leads the global Security Assurance function at Okta, responsible for both Customer and Supplier Security Assurance activities. He has built a reputation for creating and leading high performing teams, having lived and worked in Australia, the United Kingdom, Canada and the USA.

What was your first job? Apart from multiple paper runs as a child and a valuable experience at a (now failed) dot com start-up, my first ‘proper’ job was for PricewaterhouseCoopers – which I absolutely loved. I was part of a large cohort of graduates brought into PwC management consulting services and spent most of my time on SI teams in various stages of the SDLC, coding in SQL or Java, and learning BI tools. The access to world class training and exposure to a variety of customers, methodologies and senior staff made it a fantastic learning environment.  

How did you get involved in cybersecurity? As a software engineer at university and then in the corporate world, I was always curious about testing edge cases and breaking them. Much of this could be used to circumvent security to allow access to data or manipulate code execution towards unplanned outcomes. So, secure code development and testing became a passion of mine. As my career developed and I moved into IT strategy, my knowledge of business risk increased, alongside my understanding of the importance of securing the systems the modern world runs on.  

What was your education? Do you hold any certifications? What are they? In a perfect world, I would have studied Mathematics and Physics and happily specialised there. However, with an eye on making an income I studied Electrical Engineering, specialising in computers and software engineering, and in my second year took up a concurrent Finance degree – both at the University of Sydney. I was able to learn and progress my understanding of mathematics and technology, but tried to put a real-world direction to it. I don’t regret these decisions, and still enjoy reading up on physics in my spare time.

I hold a CISM, which is – for some in the industry – a must-have. Personally, I believe that some certifications need to evolve to prove their actual value. Yes, being certified is an achievement, but what does that really mean for professionals and the industry?

Explain your career path. Did you take any detours? If so, discuss. I began my career as a management consultant in a deeply technical role working on large systems integrations. This mix of technical and customer facing aspects was perfect experience for me as I gained exposure to much of what I enjoy working on now – the interface between people and tech.

Following PwC, I worked briefly for IBM, before deciding to blow a house deposit and travel the world. I got through South and North America before running out of money and so worked in Vancouver for 6 months at a large hospital, which became the most memorable job of my career. Working in healthcare really instilled a sense of customer care and helping those in need, which is something I carry with me today. I then got through Europe and South East Asia to return home again penniless.

Later, I joined the Commonwealth Bank of Australia to write the business case for their huge core banking modernisation programme. This was a project I stayed on to help deliver and blew away anything else I’d ever worked on in terms of ambition, size and scale of execution. All up, I spent 11 years at the CBA which was invaluable financial services and technology experience, and where I made the transition into a dedicated cybersecurity role. The final two years of my time at the CBA I spent as their cybersecurity leader in London, which was great fun.

Following the CBA, I shifted to the vendor side and joined Symantec, and after two years there joined Okta in a regional leadership role. Working for a large bank, I could help a single set of staff and customers. But working for an iconic brand like Okta enables me to help multiple organisations and many people around the world – an inspiring thought.

Was there anyone who has inspired or mentored you in your career? I’ve been blessed with many great leaders and mentors who have taught me so much; I’m continually trying to pay that forward to the next generation. In addition, my parents have always been fantastic role models for me (and I miss them incredibly having been locked down in London for most of 2020!).

What do you feel is the most important aspect of your job? At Okta, I am again doing what I love: helping people, communities and organisations operate securely so they can use the tech they want to deliver great outcomes.

What metrics or KPIs do you use to measure security effectiveness? I split my KPIs down the middle between keeping Okta secure and keeping our customers secure.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? The skills shortage is affecting every organisation. It’s true that there are plenty of motivated people excited to join the industry, but the more technical, non-entry level roles are extremely hard to find good people for. While technical experience is important, I am just as focussed on finding people who bring soft skills and a positive attitude to their work.

Cybersecurity is constantly changing – how do you keep learning? For me, learning is a combination of speaking with peers, reading articles and listening to podcasts. I am currently studying for my Okta Certified Professional certification.

What conferences are on your must-attend list? With the COVID-induced rapid and sustained shift to cloud and remote working, Identity truly is the only perimeter left. I attended Oktane earlier this year and I’m excited for the event again next year. Otherwise, I always enjoy RSAC and Bsides, as well as some smaller regional events in Europe.

What is the best current trend in cybersecurity? The worst? I actually think current events, as terrible as they are, have spurred some important social and technical progress. One of these is the massive adoption of cloud technologies and the sometimes-grumbling acceptance that yes, maybe, it is more secure than our old on-prem data centre. This combined with the ability to leverage best of breed cloud native solutions is a force multiplier for many businesses.

The most controversial one is definitely blockchain. So far, we haven’t seen the financial evolution it had promised, but we did indeed see how it has been used by bad actors to enable anonymous crypto payments to fund crime and empower ransomware.

What's the best career advice you ever received? I was told as a graduate to “push the boundaries until you find out where they really are”, which helped me push myself and perceived norms. Also, “perfection is the enemy of done” inspired me to let go of the pressure to achieve constant perfectionism and focus on getting the job done.

What advice would you give to aspiring security leaders? The world that COVID has enforced upon us all has created a lot of anxiety, risk and technical debt as organisations prioritise busines continuity over anything else. But the challenges we face are faced by us all, and can be made easier by investing in relationships, open and honest communication and helping each other out. So, don’t be afraid to reach out and ask for help!

What has been your greatest career achievement? Certainly the most fun has been relocating my career, family and home to the UK in 2016.

Looking back with 20:20 hindsight, what would you have done differently? While my education was STEM-related, I feel I dropped the ball not by electing to do more arts and humanities while schooling. I enjoyed those subjects (particularly art and history) but put them aside to focus more on maths and sciences. A huge learning for me has been that even with all the best ideas in the world, I can’t effect change without being able to communicate well. So, perhaps the largest area of my own development since has been verbal and written communication skills, which I wish I’d invested in earlier.

What is your favourite quote?“We are what we repeatedly do, excellence therefore is not an act but a habit”, Aristotle.

What are you reading now? On a nostalgia kick, I’ve just re-read Neuromancer and am now re-reading Snow Crash. I enjoy all good (and some trashy) sci-fi.

In my spare time, I like to… I spend my spare time with my beautiful wife Emily and two daughters, Imogen and Anabel, who keep me busy 24/7. Not sure what I’d do with more spare time now, I think I used to like to paint, and have an Xbox somewhere.

Most people don't know that I… Most people don’t know I’m a massive introvert, and most teams I’ve worked with don’t believe me when I tell them.

Ask me to do anything but… to stay in London all winter without being able to travel.